Application security software supplier Fortify Inc is to make more of its testing suite available on-demand in a service that integrates dynamic and static analysis, and which can be used to remove and prevent vulnerabilities in business applications.

The company which has been producing application security software for almost seven years and claims a customer base of 600, plans to push its on-demand services in a bid to attract smaller business.

“It’s a big indicator that application security technology is finally moving into the mainstream,” Fortify’s Director of Product Marketing Jon Gettinger told us. 

“We launched an on-demand application security service because we believe we are about to hit the second wave and want to sell to new types of business that have developed concerns about the security of their business applications.”

Gettinger explained that to date its application security software, which integrates both static and dynamic analysis methods to identify more than 400 types of vulnerabilities in 17 different programming languages and all the most popular business applications, has been the province of financial service companies, the public sector and other highly regulated sectors.

“We are now seeing food industry companies, and more smaller businesses taking an interest. Parkeon, a provider of parking and transport management systems is the latest recruit, having announced it is using Fortify software to check that its state-of-the-art electronic ticketing solutions are secure and vulnerability free. Its systems also need meet stringent compliancy standards and regulations such as PCI-DSS.

The new on-demand service to be launched next month by Fortify is effectively a stripped down version of its on-premise 360 product line. “It’s a simple but powerful managed service that focuses on a core set of 30-odd vulnerabilities in the most popular applications,” Gettinger said.

Fortify said its new approach aims to give the power of source code analysis, intelligence and accuracy in an SaaS/OnDemand environment so that an organisation has a starting point to tackle the problem of application security, whether it’s checking in-house software or purchased commercial software.

Two pricing options will be on offer for Fortify 360 on Demand. One is priced at $3,500 per scan per year for a single application. The other comes in at $10,000 a year for unlimited tests.

The company is already working with on-demand services in the shape of an audit, triage and fix service known as Fortify Vendor Security Management.
With that, an ISV can choose to upload binary commercial software to the on-demand system so that Fortify can assess the code with static and dynamic analysis, remediate any issues and report its health back to the software provider or to a prospective customer.